How severe is CVE-2023-6971?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2023-6971?

This is classified as CWE-829, which is a common weakness in software security.

CVE-2023-6971 - CRITICAL Severity | CVSS 9.8

Vulnerability Description

The Backup Migration plugin for WordPress is vulnerable to Remote File Inclusion in versions 1.0.8 to 1.3.9 via the 'content-dir' HTTP header. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. NOTE: Successful exploitation of this vulnerability requires that the target server's php.ini is configured with 'allow_url_include' set to 'on'. This feature is deprecated as of PHP 7.4 and is disabled by default, but can still be explicitly enabled in later versions of PHP.

Related Vulnerabilities

CVE-2004-0030

CRITICAL

CVSS:9.8(Critical)

PHP remote file inclusion vulnerability in (1) functions.php, (2) authentication_index.php, and (3) config_gedcom.php for PHPGEDVIEW 2.61 allows remote attackers to execute arbitrary PHP code by modif...

CWE-8292004

CVE-2004-0285

CRITICAL

CVSS:9.8(Critical)

PHP remote file inclusion vulnerabilities in include/footer.inc.php in (1) AllMyVisitors, (2) AllMyLinks, and (3) AllMyGuests allow remote attackers to execute arbitrary PHP code via a URL in the _AMV...

CWE-8292004

CVE-2010-2076

CRITICAL

CVSS:9.8(Critical)

Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not p...

CWE-8292010

CVE-2012-4919

CRITICAL

CVSS:9.8(Critical)

Gallery Plugin1.4 for WordPress has a Remote File Include Vulnerability

CWE-8292012

CVE-2017-1376

CRITICAL

CVSS:9.8(Critical)

A flaw in the IBM J9 VM class verifier allows untrusted code to disable the security manager and elevate its privileges. IBM X-Force ID: 126873.

CWE-8292017

CVE-2017-5397

CRITICAL

CVSS:9.8(Critical)

The cache directory on the local file system is set to be world writable. Firefox defaults to extracting libraries from this cache. This allows for the possibility of an installed malicious applicatio...

CWE-8292017